EP1629360B1 - Update system and method for updating a scanning subsystem in a mobile communication framework - Google Patents

Update system and method for updating a scanning subsystem in a mobile communication framework Download PDF

Info

Publication number
EP1629360B1
EP1629360B1 EP04759803.2A EP04759803A EP1629360B1 EP 1629360 B1 EP1629360 B1 EP 1629360B1 EP 04759803 A EP04759803 A EP 04759803A EP 1629360 B1 EP1629360 B1 EP 1629360B1
Authority
EP
European Patent Office
Prior art keywords
update
mobile communication
scanning subsystem
portions
handle
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
EP04759803.2A
Other languages
German (de)
English (en)
French (fr)
Other versions
EP1629360A2 (en
EP1629360A4 (en
Inventor
Victor Kouznetsov
Davide Libenzi
Michael C. Pak
Yasutaka Urakama
Kenji Ishii
Masanori Fujita
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NTT Docomo Inc
McAfee LLC
Original Assignee
NTT Docomo Inc
McAfee LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by NTT Docomo Inc, McAfee LLC filed Critical NTT Docomo Inc
Publication of EP1629360A2 publication Critical patent/EP1629360A2/en
Publication of EP1629360A4 publication Critical patent/EP1629360A4/en
Application granted granted Critical
Publication of EP1629360B1 publication Critical patent/EP1629360B1/en
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/65Updates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • H04W12/128Anti-malware arrangements, e.g. protection against SMS fraud or mobile malware
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/145Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W24/00Supervisory, monitoring or testing arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W84/00Network topologies
    • H04W84/02Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/04Large scale networks; Deep hierarchical networks
    • H04W84/042Public Land Mobile systems, e.g. cellular systems
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W88/00Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/02Terminal devices

Definitions

  • the present invention relates to mobile communication device security, and more particularly to scanning mobile communication devices for malware.
  • malware such as viruses, Trojan horses, and worms (referred to collectively hereinafter as “viruses”); and other unwanted/harmful content in much the same way as present day personal computers and workstations are susceptible.
  • viruses viruses, Trojan horses, and worms
  • anti-virus software In order to resist virus attacks, anti-virus software must be deployed into mobile platforms in much the same way as it has been deployed in the desktop environment.
  • a number of different desktop anti-virus applications are currently available. The majority of these applications rely upon a basic scanning engine which searches suspect files for the presence of predetermined virus signatures. These signatures are held in a database which must be constantly updated to reflect the most recently identified viruses.
  • users download replacement databases every so often, either over the Internet, from a received e-mail, or from a CDROM or floppy disk. Users are also expected to update there software engines every so often in order to take advantage of new virus detection techniques which may be required when a new strain of virus is detected.
  • Mobile wireless platforms present a series of problems for software developers (including developers of anti-virus software). Chief among these are the limited memory and processing power of mobile platforms, and the limited input/output capabilities which they possess (i.e. no CDROM or floppy drive, and no high bandwidth fixed line network or Internet connectivity). Unfortunately, this drawback makes any updating of mobile communication devices difficult.
  • a method for efficiently updating a scanning subsystem of a mobile communication device comprising the features of claim 1.
  • a computer program product for efficiently updating a scanning subsystem of a mobile communication device, the computer program product comprising the features of claim 15.
  • a system for efficiently updating a scanning subsystem of a mobile communication device comprising the features of claim 16.
  • a method for efficiently updating a scanning subsystem of a mobile communication device utilizing a backend server comprising the features of claim 17.
  • a system, method and computer program product are provided for efficiently updating a scanning subsystem of a mobile communication device. Initially received is a first portion of an update adapted for updating a scanning subsystem of a mobile communication device. Further, more portions of the update are received in addition to the receipt of the first portion of the update. The update is then installed with the scanning subsystem.
  • an integrity of the update may be determined. Accordingly, the update may be conditionally installed with the scanning subsystem, based on whether the integrity of the update is verified.
  • the integrity of the update may be determined utilizing a signature.
  • Such signature may be received with one of the portions (i.e. a last portion) of the update. Then, the signature may be compared against another signature generated utilizing each of the portions of the update.
  • a size of the portions of the update may be minimized.
  • the portions of the update may be compressed.
  • the additional portions of the update may be conditionally received based on whether it is determined that the first portion is empty. Again, such feature is beneficial in accommodating the limited bandwidth inherent in mobile communication frameworks.
  • scanning utilizing the scanning subsystem may be paused upon receipt of the update. Moreover, the scanning may be resumed upon the update being installed with the scanning subsystem.
  • each portion of the update may be designed to accommodate the limited bandwidth inherent in mobile communication frameworks.
  • each portion of the update may include a header.
  • Such header may indicate an identifier of the associated portion of the update, a length of the associated portion of the update, etc.
  • the update may be requested by the mobile communication device.
  • Such update may be requested by the mobile communication device utilizing a request data structure.
  • data structure may include variables such as a uniform resource locator (URL) variable, a mobile communication identifier variable, an application program interface version variable, a detection logic variable, a signature version variable, and/or a portion number variable.
  • URL uniform resource locator
  • FIG. 1 illustrates a mobile communication framework 100, in accordance with one embodiment.
  • a mobile communication device 102 and a backend server 104 capable of communicating via a wireless network.
  • the mobile communication device 102 may include, but is not limited to a cellular telephone, a wireless personal digital assistant (PDA), a wireless hand-held computer, a wireless portable computer or any other mobile device capable of communication via a wireless network.
  • PDA personal digital assistant
  • the mobile communication device 102 maybe equipped with a scanning subsystem 105.
  • scanning subsystem 105 may include any subsystem capable of scanning data that is either stored on the mobile communication device 102 or in communication therewith.
  • scanning may refer to on-access scanning, on-demand scanning, or any other type of scanning.
  • the scanning may involve content (i.e. text, pictures, etc.) represented by the aforementioned data, general security-type scanning for malware, etc.
  • the mobile communication device 102 maybe further equipped with a display 106 capable of depicting a plurality of graphical user interfaces 108 adapted for managing various functionality including the aforementioned scanning functionality.
  • the display 106 of the mobile communication device 102 is used to display data on a network (i.e. the Internet, etc.). See operation 1.
  • a network i.e. the Internet, etc.
  • the user may use the display 106 to browse various data on the network by selecting link or anchors for retrieving the data from the network via the backend server 104. See operation 2.
  • the scanning subsystem 105 is called to scan the retrieved data.
  • the scanning subsystem 105 is shown to have located malware in association with the retrieved data in operation 4.
  • a user is provided with an option via the display 106 to either halt the retrieval and/or use/access the data regardless of the identified malware.
  • Note operation 5 Based on the decision in operation 5, the user may or may not be the subject of an "attack,” as indicated in operation 6.
  • FIG. 2 illustrates a mobile communication framework 200, in accordance with another embodiment.
  • the present mobile communication framework 200 is similar to the mobile communication framework 100 of Figure 1 with the exception of the manner in which the mobile communication device reacts to the identification of malware in retrieved data.
  • the user is only provided with one option in operation 5. That is, the user is capable of only closing any dialogue associated with the data found to incorporate malware. Note operation 6.
  • FIG 3 illustrates an architecture 300 associated with a mobile communication device, in accordance with one embodiment.
  • the present architecture 300 may be incorporated into the mobile communication devices of Figures 1 and 2 .
  • the architecture 300 may be implemented in any desired context.
  • the present architecture 300 may include a plurality of mobile application programs 302.
  • the mobile application programs 302 may include any application program, software, etc. installed on a mobile communication device for carrying out various tasks. It should be further noted that such application programs 302 may also be implemented in firmware, hardware, etc. per the desires of the user.
  • the application programs 302 may include, but are not limited to a mail application program, where the tasks include managing electronic mail.
  • the application program may include a browser application program, where the tasks include browsing a network.
  • the application program may include a phone book application program, where the tasks include managing a plurality telephone numbers.
  • the application program may include a message application program, where the tasks include communicating messages. It should be noted that any type of application program may be included. For example, a Java application program or the like may be included.
  • a scanning subsystem 304 resides in communication with the application programs 302 via a first application program interface (API) 306 and a first library 308 associated with the scanning subsystem 304. More information regarding optional exemplary details relating to the first application program interface 306 and the first library 308 will be set forth later in greater detail during reference to Figures 4-12 .
  • API application program interface
  • the application programs 302 may communicate information to the scanning subsystem 304 to facilitate the scanning by the scanning subsystem 304. Such information may relate to the type of data to be scanned, and the timing associated with such scanning. More exemplary information regarding the way in which the scanning subsystem 304 interacts with the application programs 302 in such a manner will be set forth during reference to Figures 13-15 .
  • the first library 308 may include an update manager 310, a configuration manager 312, and a signature database 314.
  • the update manager 310 may manage the process with which the signature database 314 is updated with the latest signatures for scanning purposes.
  • the update process may be streamlined to accommodate the limited bandwidth inherent in mobile communication frameworks. More exemplary information regarding such update process will be set forth during reference to Figures 16-17 .
  • an operating system 316 installed on the mobile communication device and adapted for executing the application programs 302.
  • the scanning subsystem 304 may be platform-independent, and thus be capable of being implemented on any type of operating system/mobile communication device combination.
  • a second application program interface 318 and a second library 320 capable of supporting various functionality such as system/library initialization 322, error functions 336, memory allocation 334, input/output (I/O) 328, data authentication 332, synchronization 330, hypertext transfer protocol 326, device information 324, debugging 338, and other functionality (i.e. shared memory, system time, etc.).
  • the second application program interface 318 may be platform independent, similar to the scanning subsystem 304. More information regarding optional exemplary details relating to the second application program interface 318 and the second library 320 will be set forth later in greater detail during reference to Appendix A.
  • Figure 4 shows a system 400 for accessing security or content analysis functionality utilizing a mobile communication device, in accordance with one embodiment.
  • the present system 400 may be implemented in the context of the application programs, scanning subsystem, and operating system of the architecture 300 of Figure 3 . It should be noted, however, that the present system 400 may be implemented in any desired context.
  • an operating system 402 installed on a mobile communication device capable of communicating via a wireless network.
  • an application program 404 installed on the mobile communication device and executed utilizing the operating system 402 for performing tasks.
  • a scanning subsystem 406 remains in communication with the application program 404 via an application program interface and an associated library (see, for example, the first application program interface 306 and first library 308 of Figure 3 ). Such scanning subsystem 406 is adapted for accessing security or content analysis functionality in conjunction with the tasks performed by the application program 404.
  • the security or content analysis may include security analysis.
  • the security or content analysis may include content analysis.
  • the security or content analysis may include on-demand virus scanning and/or on-access virus scanning.
  • the security or content analysis functionality may be applied to application data associated with the tasks performed by the application program 404.
  • the application data may include any data input, processed, output, or otherwise associated with the performance of the tasks carried out by the application program 404.
  • FIG. 5 shows a framework 500 for accessing security or content analysis functionality utilizing a mobile communication device, in accordance with an application server embodiment of the system 400 of Figure 4 . It should be noted that the present framework 500 may be implemented in any desired context.
  • the scanning subsystem may include a scanning program 502 that communicates with the application program 504 via the application program interface 506 and an associated protocol (i.e. uItron messaging system).
  • the application program interface 506 may involve a first component 508 associated with the scanning program 502 and a second component 510 associated with the application program 504.
  • Various calls 512 provided with the application program interface 506 may include an open call, a data call, and a close call.
  • the scanning program 502 may scan application data 516 associated with the tasks performed by the application program 504.
  • FIG. 6 shows a framework 600 for accessing security or content analysis functionality utilizing a mobile communication device, in accordance with a re-entrant library embodiment of the system 400 of Figure 4 . It should be noted that the present framework 600 may be implemented in any desired context.
  • the scanning subsystem may include a re-entrant library 602.
  • the scanning subsystem re-entrant library 602 may be linked to an application program 604 at run-time.
  • an application program interface 606 may be populated into each of a plurality of application programs 604.
  • the application program interface 606 may involve various calls 612 including an open call, a data call, and a close call.
  • the re-entrant library 602 may be used to scan application data 616 associated with the tasks performed by the application program 604.
  • Figure 7 shows an on-demand scanning system 700 implemented in the context of the system 400 of Figure 4 . It should be noted that the present system 700 may be implemented in any desired context.
  • On-demand scanning provides scanning of stored application data 702 for malicious content or code for removal.
  • the user may initiate on-demand scanning via a user interface 703.
  • each application program 704 may call a scanning subsystem 706 to perform scanning of objects stored in the corresponding memory.
  • on-access scanning provides identification of malicious code or content before the application program 704 processes or renders the application data 702.
  • the on-access scanning is transparent to the user until the scanning subsystem 706 detects malicious application data 702.
  • FIG 8 shows a hierarchy of various components of an application program interface 800 which may be used to interface mobile application programs and a scanning subsystem, in accordance with one embodiment.
  • the present application program interface 800 may be implemented in the context of the system 400 of Figure 4 . It should be noted, however, that the present application program interface 800 may be implemented in any desired context.
  • the application program interface functions include MDoScanOpen() 802, MDoScanClose() 804, MDoScanVersion() 806, and MDoScanData() 808.
  • MoDoScanOpen() 802 and MDoScanClose() 804 are used to create/open and close a scanning subsystem object instance.
  • MDoScanVersion() 806 provides scanning subsystem and signature pattern data version information.
  • MDoScanData() 808 performs content/data scanning and reporting.
  • MDoScanUpdate() 810 that provides malware signature database and detection logic updates.
  • MDoScanUpdate() 810 When MDoScanUpdate() 810 is called by an update application, the library connects to a remote back-end server (see, for example, Figure 1 ) and downloads the latest files (i.e. mdo.sdb, mdo.pd).
  • Scanning subsystem configuration is done using the MDoConfigOpen() 812, MDoConfigClose() 814, MDoConfigGet() 816, and MDoConfigSet() 818.
  • a configuration handle is obtained by calling the present application program interface 800, the calling application program uses the get and set configuration API to query and set scanning subsystem configuration variables.
  • MDoGetLastError() 820 is also included in the present application program interface 800. This function is used to retrieve information about the last error that occurred.
  • MDoSystemInit() 825 is called to initialize the library environment settings.
  • the library keeps configuration settings, malicious code detection logic (i.e. mdo.pd) and signature database (i.e. mdo.sdb), and internal variables (i.e. synchronization objects, etc.) at fixed persistent storage locations.
  • MDoLibraryOpen() 830 and MDoLibraryClose() 840 are used to initialize the library.
  • An application program may call MDoLibraryOpen() 830 before any other API calls are made, and the application program may call MDoLibraryClose() 840 before terminating.
  • the application program interface 800 may be capable of supporting various functionality such as system environment initialization, version status information retrieval, updating the scanning subsystem, scanning, configuring the scanning subsystem, etc. using various application program interface components. More information will now be set forth regarding the foregoing functionality in the context of the application program interface 800.
  • MDoSystemInit() 825 performs validation and environment initialization for data kept at specific persistent storage locations.
  • a malicious code/content signature pattern database i.e. mdo.sdb
  • detection logic i.e. mdo.pd
  • configuration settings i.e. mdo.pd
  • synchronization objects may be stored at these locations.
  • MDoSystemInit() 825 may be called once (i.e. at boot-time) before any of the API functions are executed.
  • Table #1 illustrates exemplary information regarding MDoSystemInit() 825.
  • the application program interface 800 includes a plurality of library interface components.
  • the API interface instantiation may be accomplished using MDoLibraryOpen() 830.
  • the instantiated library interface handle obtained using this function may be used for subsequent API calls.
  • MDoLibraryClose() 840 may be called to release the handle.
  • Figure 9 illustrates an exemplary library interface initialization 900 utilizing MDoLibraryOpen() 830 and MDoLibraryClose() 840.
  • Table #2 illustrates exemplary information regarding MDoLibraryOpen() 830. Table #2
  • Table #3 illustrates exemplary information regarding MDoLibraryClose() 840.
  • MDoGetLastError() 820 provides the application program with information about the last error occurred.
  • Table #4 illustrates exemplary information regarding MDoGetLastError() 820.
  • the MDoErrorCode data type may be defined as a 32-bit unsigned integer which contains both component and error codes. Often times, the error information retrieved may be set at the platform abstraction API layer. For this reason, the MDoErrorCode format given herein is similar to AlErrorCode format defined by the abstraction layer API (See Appendix A).
  • Figure 10 illustrates an exemplary format 1000 of MDoErrorCode, in accordance with one embodiment.
  • Table #5 illustrates exemplary information regarding MDoGetLastError() 820.
  • Exemplary Computer Code #1 illustrates a sample library calling sequence with a call to MDoGetLastError() 820.
  • An error code reported by MDoGetLastError 820 includes two parts: component code and error code. See Appendix A for more information. Table #6 lists exemplary error codes and corresponding component codes. MDoGetLastError 820 also returns error codes set at the abstract library layer. It should be noted that the following list is for illustrative purposes only and should not be construed as limiting in any manner. Table #6 Component Code Error Code Description MDO_ERROR_MODUL E MDOE_CFG_UNKNOWN_VARIABLE Unknown/invali d configuration variable name. ML_ERROR_MODULE MLE_XFILE_SEEK_MODE Invalid meta file seek mode value.
  • MLE_XFILE_SEEK_OOB Invalid meta file seek location. MLE_XFILE_SIZE_OOB Invalid meta file size. MLE_PKG_INVALID_FILE Invalid update package file. MLE_PKG_INVALID_FORMAT Invalid update package file format. MLE_SDB_INVALID_POSITION Invalid SDB record position. MLE_SDB_INVALID_STRUCTURE Invalid/corrup t SDB record structure. MLE_SDB_RECORD_NOT_FOUND Missing SDB record. Record not found. MLE_SDB_NO_INODES No more SDB INode space. MLE_SDB_NO_BLOCKS No more SDB block space.
  • MLE_SDB_INVALID_OFFSET_SIZE Invalid SDB offset MLE_SDB_BAD_INITIALIZE_PARAMS Invalid SDB initialization parameter(s).
  • MLE_ME_INVALID_SUBTYPE Invalid sub-record ID value MLE_ME_INVALID_TYPE Invalid sub-record ID value.
  • MLE_ME_VIRUS_NOT_FOUND Missing/invali d virus code MLE_DBU_INVALID_COMMAND Invalid SDB update command.
  • MLE_MALL_VREC_ARRAY Bad virus-record array size MLE_ME_TOO_MANY_WVSELECT_BUCKET S Failed to add new SDB record.
  • the application program interface 800 includes a plurality of scanning subsystem components.
  • the scanning subsystem API components provide data/content scanning and signature update service. Included are MDoScanOpen() 802, MDoScanClose() 804, MDoScanVersion() 806, MDoScanUpdate() 810, and MDoScanData() 808.
  • MDoScanOpen() 802 is used for scanning subsystem object instantiation.
  • MDoScanVersion() 806 provides scanning subsystem and signature database version information.
  • MDoScanUpdate() 810 performs the signature database update.
  • MDoScanData() 808 performs malicious code/content data scanning.
  • Figure 11 illustrates a scanning subsystem API call sequence 1100, in accordance with one embodiment.
  • Table #7 illustrates exemplary information regarding MDoScanOpen() 802.
  • Table #8 illustrates exemplary information regarding MDoScanClose() 804.
  • Table #9 illustrates exemplary information regarding MDoScanVersion() 806.
  • Exemplary Computer Code #2 illustrates a sample version information structure.
  • the mobile communication device identification string reported by MDoScanVersion() 806 is set using the device identification string returned by AlDevGetInfo. (See Appendix A).
  • Table #10 illustrates exemplary information regarding MDoScanData() 808. Table #10
  • Table #11 illustrates exemplary information regarding MDoScanUpdate() 810 .
  • the calling application program may set the function pointer and the data to be passed to the function when calling the function.
  • Table #12 Callback Reason (iReason) Description MDO_UCB_STATUS Callback is made to report update status.
  • pParam points to the SStatus structure.
  • SStatus.iCurrent contains amount of data received and iTotal reports the total update data size in bytes.
  • MDO_UCB_CANCEL Callback is made to see if update cancellation is set.
  • pParam points NULL.
  • the application program interface 800 includes a plurality of configuration components. Included is a set of functions used to retrieve and specify the scanning subsystem settings. One goal of these functions is to provide application programs and the scanning subsystem with centralized runtime configuration access.
  • the configuration data is stored in non-volatile persistent data storage (i.e. flash memory, etc.).
  • FIG. 12 illustrates one exemplary configuration API call sequence 1200, in accordance with one embodiment.
  • MDoConfigOpen() 830 returns a handle to be passed to the configuration retrieval and specification functions.
  • MDoConfigClose() 814 is used to release and close the configuration handle returned by MDoConfigOpen() 812.
  • MDoConfigSet() 818 sets a specified configuration variable with a specified value, and MDoConfigGet() 816 returns a configuration value for a specified variable.
  • Configuration variable(s) settings modified by MDoConfSet() 818 is not necessarily saved to the permanent storage until MDoConfigClose() 814 is called.
  • Application programs may call configuration open, get or set, and immediately follow with the close function when accessing and/or specifying a variable value.
  • the configuration variables and values specified/retrieved using the configuration components of the application program interface 800 may be represented in null-character (' ⁇ 0') terminated, 8-bit character strings.
  • Table #13 lists available configuration variables. Table #13 Configuration Variable Value/Example Description "ScanEnable” "0” disable scanning "1” enable scanning "UpdateURL” "http://update.mcafeeacsa.com/504i" Base-URL for signature for update (see section 0)
  • Table #14 illustrates exemplary information regarding MDoConfigOpen() 812. Table #14
  • Table #15 illustrates exemplary information regarding MDoConfigClose() 814. Table #15
  • Table #16 illustrates exemplary information regarding MDoConfigGet() 816.
  • Table #17 illustrates exemplary information regarding MDoConfigSet() 818. Table #17
  • the application programs may communicate information to the scanning subsystem to facilitate the scanning by the scanning subsystem. This communication may be facilitated via the API described above.
  • the foregoing information may relate to the type of data to be scanned, and the timing associated with such scanning. More description regarding the manner in which the above API accomplishes such will now be set forth.
  • the calling application program may supply the scanning subsystem with a scanning parameter using the SScanParam structure.
  • the information contained in the scan parameter provides the scanning subsystem with: 1) scanning subsystem action type (i.e. iAction), 2) the scan data type (i.e. the type of the application data to be scanned - iDataType), 3) data pointer to the scan target (i.e. pPrivate), 4) function to retrieve the data size in bytes (i.e. pfGetSize), 5) function to resize the scan data (i.e. pfSetSize), 6) function used by the scanning subsystem to retrieve a block of scan data (i.e. pfRead), 6) function used to write to the scan data (i.e. pfWrite), and 7) call-back function for scanning subsystem status/progress reporting (i.e. pfCallBack).
  • scanning subsystem action type i.e. iAction
  • the scan data type i.e. the type of
  • Exemplary Computer Code #4 illustrates a data scan parameter structure.
  • the scan action specifies the type of scanning to be performed on supplied application data.
  • Table #18 illustrates various exemplary scan actions.
  • Table #18 Scan Action ID Description MDO_SA_SCAN_ONLY The scanning subsystem performs scanning and reports malicious code found. No repairing will be performed. MDO_SA_SCAN_REPAIR After performing scanning, object containing malicious code will be repaired.
  • the calling application program may inform the scanning subsystem of the application data type and format using this variable.
  • Figure 13 illustrates various exemplary application data types 1300 which the application programs are capable of communicating to the scanning subsystem via the API.
  • the url-string format may conform to the Uniform Resource Locators (RFC 1738) specification.
  • the email-string format may conform with the Internet E-mail address format (RFC 822) specification.
  • the default domain may be set to any desired domain.
  • the phone-number string may include the numeric characters '0' through '9', and the '#' and '*' characters.
  • a pointer (or handle) to an application scan object is further provided.
  • the scanning subsystem does not necessarily perform direct memory I/O using this data pointer/handle.
  • the data pointer/handle is passed back to the caller to perform read/write using the caller specified I/O functions.
  • the present function is used by the scanning subsystem to obtain the scan target data size (in bytes) from the calling application program.
  • This function is used by the scanning subsystem to request the calling application program to resize the application data being repaired/cleaned to a given size (in bytes). This function may be used in conjunction with the scan-and-repair/delete option.
  • the instant function may be used by the scanning subsystem to read a specified amount of application data from the calling application program.
  • This function pointer may be set if the scan-action is set for repair or deletion.
  • the scanning subsystem calls the specified function with the information described in below table.
  • the callback function if returned with a negative return value, aborts the scanning process.
  • Table #19 sets forth an exemplary callback code list.
  • Table #19 Callback Reason ID Description MDO_CB_DETECTED Informs the calling application program a malicious code has been detected in the scan target.
  • the callback data argument 'arg' is set to pointer to a SCBArg structure.
  • MDO_CB_CLEAN_READY Informs the calling application program identified malware is ready to be cleaned/repaired.
  • the callback data argument 'arg' is set to pointer to a SCBArg structure.
  • Exemplary Computer Code #5 illustrates a scanning subsystem callback structure.
  • the result of object scanning, detected malware information is returned to the calling application program in the SScanResult structure provided by the calling application program.
  • the SScanResult structure contains a pointer to a structure that contains scan result information, and a pointer to a function used to remove the scan result resource.
  • the memory used to hold the scan result is allocated by the scanning subsystem and freed by calling the function pointed by the pfDeleteResult pointer.
  • Computer Code #6 illustrates a sample calling sequence.
  • Exemplary Computer Code #7 illustrates a detected malicious code/content information structure
  • Exemplary Computer Code #8 illustrates a scan result structure.
  • Figure 14 shows a bit-field variable 1400 containing malware severity flags and application program behavior levels included in the SDetect structure, in accordance with one exemplary embodiment.
  • Table #20 sets forth an exemplary malware severity class list. Table #20 Severity Flag Description MDO_SC_USER Detected malware is harmful to the user. MDO_SC_TERMINAL Detected malware is harmful to the device.
  • the scanning subsystem sets the MDO_SC_USER flag, if the scanned application data contains malware harmful to the user of the mobile communication device.
  • MDO_SC_TERMINAL flag is set if it is harmful to the mobile communication device itself.
  • Both MDO_SC_USER and MDO_SC_TERMINAL flags are set if it is harmful to both the user and the mobile communication device.
  • the application program behavior level specifies what to do with the application data containing the detected malware.
  • Table #21 lists the behavior level values and corresponding actions by the application program.
  • Table #21 Behavior Level Description MDO_BC_LEVEL0 Process with a warning. This severity level may be assigned to data previously considered malicious.
  • MDO_BC_LEVEL1 Prompt the user before processing. Ask the user if he/she wants the application to process the data.
  • MDO_BC_LEVEL2 Do not process the data.
  • MDO_BC_LEVEL3 Do not process the data and prompt user for removal. If the content is stored on the device, prompt the user for permission before removal.
  • MDO_BC_LEVEL4 Do not process the data and automatically remove if stored.
  • the calling application program When multiple malicious codes are found in a scanned application data, the calling application program is expected to act with the highest behavior level. For example, if both MDO_BC_LEVEL0 and MDO_BC_LEVEL3 are reported, the application program may take on MDO_BC_LEVEL3 actions.
  • Figure 15 illustrates a chart 1500 setting forth the manner in which the timing of scanning by the scanning subsystem varies as a function of the data types identified via the variables of Figure 13 .
  • the update process may be streamlined to accommodate the limited bandwidth inherent in mobile communication frameworks. More information regarding the various ways that this may be accomplished will now be set forth.
  • the MDoScanUpdate function provides two components [i.e. malicious code detection logic (mdo.pd) and signature database (mdo.sdb)] with update service.
  • One component i.e. mdo.pd
  • Another component i.e. mdo.sdb
  • a full update for the second component may be performed on mobile communication devices with versions older than n. For example, if n is set to 5, and the latest version is 20, then a full update is performed on mobile communication devices with a version older than 15.
  • FIG 16 illustrates an exemplary flow 1600 describing the manner in which the update is initiated by a user interface, in accordance with one embodiment.
  • the virus pattern update may be initiated by the mobile communication device user by selecting a menu entry via a user interface 1602. Once the user selects the update menu, an update application 1604 is activated and connects to a back end server via the appropriate update interface function 1606.
  • the update library may communicate with the back end server via HTTP protocol.
  • Figure 17 illustrates a method 1700 for efficiently updating a scanning subsystem of a mobile communication device, in accordance with one embodiment.
  • the present method 1700 may be implemented in the context of the application programs, scanning subsystem, and operating system of the architecture 300 of Figure 3 and systems of Figures 1 and 2 . It should be noted, however, that the present method 1700 may be implemented in any desired context.
  • a request for an update may be sent from at least one mobile communication device to a back-end server.
  • the update may be sent without a request.
  • the update may be requested by the mobile communication device utilizing a request data structure.
  • data structure may include variables such as a uniform resource locator (URL) variable, mobile communication identifier variable, an application program interface version variable, a detection logic variable, a signature version variable, and/or a portion number variable.
  • URL uniform resource locator
  • Table #22 illustrates an exemplary URL that may be used for such purpose.
  • Table #22 ⁇ BASE-URL> update server URL obtained using the MDoConfigGet function (see section 0) ⁇ DEV-ID> Mobile communication device identifier; returned by the AlDevGetInfo function.
  • Table #23 illustrates a specific example of a URL that conforms with the above description.
  • the above URL of Table #23 specifies base-URL "http://update.mcafeeacsa.com/504i", "X504i05” as the device identifier, API version 2, malicious code detection logic version 3, and signature database version 56. It should be noted that the "chunk,” or portion, number may be set to 1 when the mobile communication device initially contacts the back end server. Also, the base-URL may be obtained using the MDoConfigGet API using the "UpdateURL" configuration variable.
  • the back end server After receiving the request, the back end server determines which update package needs to be downloaded by comparing stored malicious code detection logic and signature database versions with the version information encoded in the URL.
  • the backend returns a no-content response.
  • the mobile communication device receives the response as the first portion. If it is determined that the first portion includes the foregoing no-content response (see decision 1702 ), the method 1700 is terminated, as there is no update to download. Such feature is beneficial in accommodating the limited bandwidth inherent in mobile communication frameworks.
  • the method 1700 is continued by receiving additional portions of the update subsequent to (or possibly in parallel with) the receipt of the first portion of the update. Note operations 1704-1708. It should be noted that the first portion may be accompanied with the total package size and portion count information.
  • the portion number of the download URL may be modified.
  • Table #24 illustrates a specific example of a URL that specifies portion number "3.”
  • integrity of the update may be determined. Accordingly, the update may be conditionally installed with the scanning subsystem, based on whether the integrity of the update is verified.
  • the integrity of the update may be determined utilizing a signature.
  • Such signature may be received with one of the portions (i.e. a last portion) of the update. Then, the signature may be compared against another signature generated utilizing each of the portions of the update. Note operation 1710.
  • the signature may be generated using a RSA private key and authenticated on the mobile communication device using a corresponding public key included in the update.
  • the signature verification and generation may further be performed using a specified authentication library.
  • any scanning being performed by the scanning subsystem is paused, or halted. Note operation 1712. It should be noted that such pausing may be optional.
  • the update may be installed with the scanning subsystem. Note operation 1714.
  • the scanning may subsequently be resumed utilizing the scanning subsystem upon the update being installed with the scanning subsystem. See operation 1716.
  • a size of the portions of the update may be minimized.
  • the portions of the update may be compressed.
  • a format of each portion of the update may be designed to accommodate the limited bandwidth inherent in mobile communication frameworks. More information will now be set forth regarding such format.
  • Table #25 illustrates an exemplary format for downloading the portions of the update.
  • Each part is made up of a header and data.
  • Such header may indicate an identifier of the associated portion of the update, a length of the associated portion of the update, etc.
  • the header may specify the contained data name and length, and be separated from the actual data with an extra CR+LF pair.
  • Table #27 sets forth exemplary data/content names associated with the header. Table #27 Component Name Description "pd" detection logic "sdb" signature database update
  • Table #28 illustrates an exemplary update package.
  • a platform-independent system and associated method are provided for use with a mobile communication device. Included is a platform- independent scanning subsystem in communication with the operating system of a mobile communication device for scanning purposes. Further provided is a platform- independent application program interface for interfacing the operating system and the scanning subsystem.
  • the platform-independent application program interface includes an abstract library for porting the platform-independent scanning subsystem to the mobile communication device and associated operating system.
  • the scanning subsystem may be platform-independent, and thus be capable of being implemented on any type of operating system/mobile communication device combination.
  • the abstract library may support system initialization, library initialization, error functions, memory allocation, input/output (I/O), data authentication, synchronization, hypertext transfer protocol, shared memory, system time, device information, and debugging. More exemplary information relating to one optional implementation of the foregoing application program interface is set forth in Appendix A.
  • the present application program interface includes the following subsystems:
  • a layer for use in the API library.
  • AlLibrarySysInit This function is designed to be called from the MDoSystemInit () function described earlier.
  • the platform abstraction API library is initialized using the Al InitLibrary () function.
  • the abstraction library is to be initialized once before an abstraction API function is called.
  • the system resource obtained and initialized by AlInitLibrary () is released when the AlCleanupLibrary () function is called.
  • the AL library includes a set of error functions used to set and retrieve task/thread specific error codes. It is the responsibility of the abstraction layer implementer to set appropriate error codes and component codes.
  • An error reported using the AlSetLastError function is a 32-bit value formed by combining a component code with an error code.
  • the error set at the AL level is retrieved using the MDoGetLastError function to take an appropriate action when an error occurs.
  • the abstraction layer provides a heap memory allocation API for a calling application program (i.e. a "caller") to dynamically allocate memory needed.
  • the allocated memory is assumed to be globally sharable which can be accessed by multiple applications/tasks.
  • the AlMemAlloc () and AlMemFree () API functions provide allocation and deallocation of the heap memory.
  • Function Description void* AlMemAlloc ( unsigned int uSize) allocate a block of dynamic memory void AlMemFree ( void* ptr) free memory allocated using AlMemAlloc
  • the persistent storage (i.e. flash memory) access is performed using a file I/O API. See below: Name Description AL_FILE_HANDLE AlFileOpen ( char const* pszFilename, int iMode) open, create if necessary, specified file and return its handle void AlFileClose ( AL FILE HANDLE hFile) close file handle returned by AlFileOpen () unsigned int AlFileSeek( AL_FILE_HANDLE hFile) reposition file offset unsigned int AlFileRead( AL_FILE_HANDLE hFile, void* pBuffer, unsigned int uSize) read from a file handle unsigned int AlFileWrite( AL_FILE_HANDLE hFile, void const * pBuffer, unsigned int uSize) write to a file handle int AlFileSetSize ( AL_FILE_HANDLE hFile, unsigned int uS
  • the file handle type AL_FILE_HANDLE is defined as
  • the file status buffer type AlStatBuf is defined as
  • the platform abstraction API includes a set of functions for authenticating data.
  • the data authentication API is used to validate downloaded malware signature database.
  • AlDaGetSignerInfo is used to retrieve a signer information.
  • AlDaClose is used to close and release data authentication handle and related system resources.
  • AL_DA_HANDLE AlDaOpen ( const void *pSig, unsigned int uSigSize) Obtain data authentication handle from a given signature/certificate void AlDaClose ( AL_DA_HANDLE hHandle) Close data authentication handle obtained using AlDaOpen ( ) AlDaVerify( AL_DA_HANDLE hDA, int (*pfRead)(void *, void *, int), void *pPrivate) Data authentication function.
  • the caller provides a data retrieval method via callback function.
  • int AlDaGetSignerInfo ( AL_DA_HANDLE hDA, DaSignerInfo *pDSI) retrieve signer information.
  • the data authentication handle returned by the AlDaOpen () function is defined as
  • the signer information structure is defined as
  • a set of functions that provide HTTP network I/O using a caller provided callback structure is a set of functions that provide HTTP network I/O using a caller provided callback structure.
  • void AlHttpClose ( AL_HTTP_HANDLE hHandle) Close HTTP I/O handle.
  • int AlHttpExec AL_HTTP_HANDLE hHandle, char const* pszMethod, char const* pszURL, AlHttpCallbacks* pHttpCb, void* pPrivate
  • the callback functions given in the above HTTP callback structure provide the following functionalities: pWrite Called by the system HTTP library to store incoming HTTP request data. pRead Used to retrieve application data to be sent as part of an HTTP request. pGetSize Provides the HTTP library with application's content data size, "Content-Length”. pSetSize Called by the HTTP library to inform calling application with incoming content data length when available.
  • the location of the system memory where the library's shared objects are stored is obtained using the AlShmAddress () function.
  • This shared information area is allocated/prepared at device boot time and referenced by different instances of the library.
  • AlTmGetCurrent () provides callers with the current system time in seconds.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Stored Programmes (AREA)
  • Telephone Function (AREA)
EP04759803.2A 2003-04-17 2004-04-05 Update system and method for updating a scanning subsystem in a mobile communication framework Expired - Lifetime EP1629360B1 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US46388503P 2003-04-17 2003-04-17
US10/639,007 US7254811B2 (en) 2003-04-17 2003-08-11 Update system and method for updating a scanning subsystem in a mobile communication framework
PCT/US2004/010585 WO2004095167A2 (en) 2003-04-17 2004-04-05 Update system and method for updating a scanning subsystem in a mobile communication framework

Publications (3)

Publication Number Publication Date
EP1629360A2 EP1629360A2 (en) 2006-03-01
EP1629360A4 EP1629360A4 (en) 2009-09-09
EP1629360B1 true EP1629360B1 (en) 2018-06-13

Family

ID=33162397

Family Applications (1)

Application Number Title Priority Date Filing Date
EP04759803.2A Expired - Lifetime EP1629360B1 (en) 2003-04-17 2004-04-05 Update system and method for updating a scanning subsystem in a mobile communication framework

Country Status (7)

Country Link
US (1) US7254811B2 (ko)
EP (1) EP1629360B1 (ko)
JP (1) JP4448849B2 (ko)
KR (1) KR101071597B1 (ko)
CA (1) CA2517548C (ko)
NO (1) NO336580B1 (ko)
WO (1) WO2004095167A2 (ko)

Families Citing this family (37)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6970697B2 (en) 2003-04-17 2005-11-29 Ntt Docomo, Inc. Platform-independent scanning subsystem API for use in a mobile communication framework
US7392043B2 (en) * 2003-04-17 2008-06-24 Ntt Docomo, Inc. API system, method and computer program product for accessing content/security analysis functionality in a mobile communication framework
US9350752B2 (en) 2003-07-01 2016-05-24 Securityprofiling, Llc Anti-vulnerability system, method, and computer program product
US9118711B2 (en) 2003-07-01 2015-08-25 Securityprofiling, Llc Anti-vulnerability system, method, and computer program product
US8984644B2 (en) 2003-07-01 2015-03-17 Securityprofiling, Llc Anti-vulnerability system, method, and computer program product
US20070113272A2 (en) 2003-07-01 2007-05-17 Securityprofiling, Inc. Real-time vulnerability monitoring
US9118708B2 (en) 2003-07-01 2015-08-25 Securityprofiling, Llc Multi-path remediation
US9100431B2 (en) 2003-07-01 2015-08-04 Securityprofiling, Llc Computer program product and apparatus for multi-path remediation
US9118710B2 (en) 2003-07-01 2015-08-25 Securityprofiling, Llc System, method, and computer program product for reporting an occurrence in different manners
US9118709B2 (en) 2003-07-01 2015-08-25 Securityprofiling, Llc Anti-vulnerability system, method, and computer program product
WO2005024628A2 (en) * 2003-09-03 2005-03-17 Bitfone Corporation Tri-phase boot process in electronic devices
US20060031408A1 (en) * 2004-05-06 2006-02-09 Motorola, Inc. Push to activate and connect client/server applications
JP2005338959A (ja) * 2004-05-24 2005-12-08 Sony Corp 情報処理装置,実行判定方法,およびコンピュータプログラム
KR100644621B1 (ko) * 2004-08-06 2006-11-10 삼성전자주식회사 네트워크 디바이스의 소프트웨어 업데이트 방법
JP2006065857A (ja) * 2004-08-24 2006-03-09 Lg Electronics Inc 移動通信端末機のプログラム強制ダウンロード方法及び装置
WO2006094117A2 (en) 2005-03-01 2006-09-08 Mfoundry Application program update deployment to a mobile device
US7895651B2 (en) 2005-07-29 2011-02-22 Bit 9, Inc. Content tracking in a network security system
US8984636B2 (en) 2005-07-29 2015-03-17 Bit9, Inc. Content extractor and analysis system
US8272058B2 (en) 2005-07-29 2012-09-18 Bit 9, Inc. Centralized timed analysis in a network security system
US7634262B1 (en) * 2006-03-07 2009-12-15 Trend Micro, Inc. Virus pattern update for mobile device
US8811968B2 (en) * 2007-11-21 2014-08-19 Mfoundry, Inc. Systems and methods for executing an application on a mobile device
US8918872B2 (en) 2008-06-27 2014-12-23 Mcafee, Inc. System, method, and computer program product for reacting in response to a detection of an attempt to store a configuration file and an executable file on a removable device
US20100131683A1 (en) * 2008-11-26 2010-05-27 Moore Clay S System for storing, accessing and automatically updating documents
US8402544B1 (en) * 2008-12-22 2013-03-19 Trend Micro Incorporated Incremental scanning of computer files for malicious codes
US8654721B2 (en) 2010-08-04 2014-02-18 Intel Mobile Communications GmbH Communication devices, method for data communication, and computer program product
US8406780B2 (en) 2011-01-14 2013-03-26 Intel Mobile Communications GmbH LTE operation in white spaces
US10055727B2 (en) * 2012-11-05 2018-08-21 Mfoundry, Inc. Cloud-based systems and methods for providing consumer financial data
KR101438978B1 (ko) 2012-12-31 2014-09-11 현대자동차주식회사 리프로그래밍 방법 및 시스템
US9008907B2 (en) 2013-05-31 2015-04-14 Hugh D Copeland Intelligent vehicle power control system and method
US9357411B2 (en) 2014-02-07 2016-05-31 Qualcomm Incorporated Hardware assisted asset tracking for information leak prevention
CN105303106B (zh) * 2014-06-06 2019-06-25 腾讯科技(深圳)有限公司 恶意代码处理方法、装置及系统
US10841161B2 (en) * 2018-08-02 2020-11-17 Sap Se Real-time configuration check framework
DE102018219320A1 (de) * 2018-11-13 2020-05-14 Robert Bosch Gmbh Batteriesystem zur Verwendung an einem Bordnetz eines Kraftfahrzeugs
CN110874143B (zh) * 2019-11-14 2024-04-12 东莞市小精灵教育软件有限公司 传感器数据获取方法、智能终端、存储介质及电子设备
WO2022133878A1 (en) * 2020-12-24 2022-06-30 Qualcomm Incorporated Search and cell scan procedure for positioning-cellular network interworking scenarios
US20230185638A1 (en) * 2021-12-10 2023-06-15 Nvidia Corporation Application programming interfaces for interoperability
US20230185636A1 (en) * 2021-12-10 2023-06-15 Nvidia Corporation Application programming interfaces for interoperability

Family Cites Families (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4316246A (en) * 1979-09-06 1982-02-16 Honeywell Information Systems Inc. Battery switching apparatus included within a timer adapter unit
US5715463A (en) * 1992-03-31 1998-02-03 International Business Machines Corporation Installation utility for device drivers and utility programs
US5361358A (en) * 1992-08-07 1994-11-01 International Business Machines Corporation System and method for installing program code for operation from multiple bootable operating systems
US5815722A (en) * 1992-11-18 1998-09-29 Canon Information Systems, Inc. In an interactive network board, a method and apparatus for remotely downloading and executing files in a memory
US5845090A (en) * 1994-02-14 1998-12-01 Platinium Technology, Inc. System for software distribution in a digital computer network
US5802275A (en) * 1994-06-22 1998-09-01 Lucent Technologies Inc. Isolation of non-secure software from secure software to limit virus infection
US6151643A (en) * 1996-06-07 2000-11-21 Networks Associates, Inc. Automatic updating of diverse software products on multiple client computer systems by downloading scanning application to client computer and generating software list on client computer
US6182247B1 (en) * 1996-10-28 2001-01-30 Altera Corporation Embedded logic analyzer for a programmable logic device
US6023620A (en) 1997-02-26 2000-02-08 Telefonaktiebolaget Lm Ecrisson Method for downloading control software to a cellular telephone
US5948104A (en) * 1997-05-23 1999-09-07 Neuromedical Systems, Inc. System and method for automated anti-viral file update
US6934956B1 (en) * 1997-09-09 2005-08-23 Micron Technology, Inc. Method and apparatus for installing an operating system
GB2333864B (en) * 1998-01-28 2003-05-07 Ibm Distribution of software updates via a computer network
JP3017167B2 (ja) * 1998-05-20 2000-03-06 インターナショナル・ビジネス・マシーンズ・コーポレイション デ一タ記憶媒体からのリ一ド信号の2値化方法および装置
US6269254B1 (en) * 1998-09-28 2001-07-31 Motorola, Inc. Radio communications device and method with API between user application program and telephony program and method
EP1118949A1 (en) * 2000-01-21 2001-07-25 Hewlett-Packard Company, A Delaware Corporation Process and apparatus for allowing transaction between a user and a remote server
US6598168B1 (en) * 2000-05-09 2003-07-22 Power Digital Communications Co. Ltd Computer auto shut-off control method
US6799197B1 (en) * 2000-08-29 2004-09-28 Networks Associates Technology, Inc. Secure method and system for using a public network or email to administer to software on a plurality of client computers
US7054930B1 (en) * 2000-10-26 2006-05-30 Cisco Technology, Inc. System and method for propagating filters
US20020072347A1 (en) * 2000-12-07 2002-06-13 Dunko Greg A. System and method of receiving specific information at a mobile terminal
US6907423B2 (en) * 2001-01-04 2005-06-14 Sun Microsystems, Inc. Search engine interface and method of controlling client searches
US20020116629A1 (en) * 2001-02-16 2002-08-22 International Business Machines Corporation Apparatus and methods for active avoidance of objectionable content
US7123933B2 (en) * 2001-05-31 2006-10-17 Orative Corporation System and method for remote application management of a wireless device
US6792543B2 (en) * 2001-08-01 2004-09-14 Networks Associates Technology, Inc. Virus scanning on thin client devices using programmable assembly language
US7827611B2 (en) * 2001-08-01 2010-11-02 Mcafee, Inc. Malware scanning user interface for wireless devices
US7210168B2 (en) * 2001-10-15 2007-04-24 Mcafee, Inc. Updating malware definition data for mobile data processing devices
US6999721B2 (en) * 2002-01-17 2006-02-14 Microsoft Corporation Unified object transfer for multiple wireless transfer mechanisms
US6785820B1 (en) * 2002-04-02 2004-08-31 Networks Associates Technology, Inc. System, method and computer program product for conditionally updating a security program
US7216367B2 (en) * 2003-02-21 2007-05-08 Symantec Corporation Safe memory scanning
US6970697B2 (en) * 2003-04-17 2005-11-29 Ntt Docomo, Inc. Platform-independent scanning subsystem API for use in a mobile communication framework
US6987963B2 (en) * 2003-04-17 2006-01-17 Ntt Docomo, Inc. System, method and computer program product for content/context sensitive scanning utilizing a mobile communication device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
PKWARE INC: "APPNOTE.TXT - .ZIP File Format Specification", 11 January 2001 (2001-01-11), XP055183927, Retrieved from the Internet <URL:https://pkware.cachefly.net/webdocs/APPNOTE/APPNOTE-4.5.0.txt> [retrieved on 20150417] *

Also Published As

Publication number Publication date
KR101071597B1 (ko) 2011-10-10
CA2517548C (en) 2012-10-30
EP1629360A2 (en) 2006-03-01
NO336580B1 (no) 2015-09-28
KR20060008901A (ko) 2006-01-27
NO20055430L (no) 2006-01-10
JP4448849B2 (ja) 2010-04-14
CA2517548A1 (en) 2004-11-04
JP2007525059A (ja) 2007-08-30
EP1629360A4 (en) 2009-09-09
US20040210891A1 (en) 2004-10-21
WO2004095167A2 (en) 2004-11-04
US7254811B2 (en) 2007-08-07
NO20055430D0 (no) 2005-11-16
WO2004095167A3 (en) 2006-11-30

Similar Documents

Publication Publication Date Title
EP1629360B1 (en) Update system and method for updating a scanning subsystem in a mobile communication framework
EP1623297B1 (en) Api system, method and computer program product for accessing content/security analysis functionality in a mobile communication framework
EP3062234B1 (en) System, method and computer program product for content/context sensitive scanning utilizing a mobile communication device
US6970697B2 (en) Platform-independent scanning subsystem API for use in a mobile communication framework
KR20060092277A (ko) 실행하는 동안 애플리케이션을 업그레이드하기 위한 방법,소프트웨어 및 장치
CN102968321A (zh) 应用程序安装装置和应用程序安装方法
CN1981263A (zh) 在移动通信框架内用于更新扫描子系统的更新系统与方法

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20051107

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LI LU MC NL PL PT RO SE SI SK TR

AX Request for extension of the european patent

Extension state: AL HR LT LV MK

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: NTT DOCOMO, INC.

Owner name: MCAFEE, INC.

DAX Request for extension of the european patent (deleted)
PUAK Availability of information related to the publication of the international search report

Free format text: ORIGINAL CODE: 0009015

A4 Supplementary search report drawn up and despatched

Effective date: 20090812

RIC1 Information provided on ipc code assigned before grant

Ipc: G06F 9/445 20060101ALI20090806BHEP

Ipc: G06F 1/00 20060101AFI20041109BHEP

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: MCAFEE, INC.

Owner name: NTT DOCOMO, INC.

RIC1 Information provided on ipc code assigned before grant

Ipc: H04W 84/04 20090101ALI20170808BHEP

Ipc: H04W 88/02 20090101ALI20170808BHEP

Ipc: G06F 9/445 20060101ALI20170808BHEP

Ipc: H04W 12/12 20090101ALI20170808BHEP

Ipc: H04W 24/00 20090101ALI20170808BHEP

Ipc: G06F 21/64 20130101AFI20170808BHEP

Ipc: H04L 29/06 20060101ALI20170808BHEP

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: MCAFEE, LLC

Owner name: NTT DOCOMO, INC.

GRAP Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOSNIGR1

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: GRANT OF PATENT IS INTENDED

INTG Intention to grant announced

Effective date: 20171023

GRAS Grant fee paid

Free format text: ORIGINAL CODE: EPIDOSNIGR3

GRAJ Information related to disapproval of communication of intention to grant by the applicant or resumption of examination proceedings by the epo deleted

Free format text: ORIGINAL CODE: EPIDOSDIGR1

GRAL Information related to payment of fee for publishing/printing deleted

Free format text: ORIGINAL CODE: EPIDOSDIGR3

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS

REG Reference to a national code

Ref country code: DE

Ref legal event code: R079

Ref document number: 602004052819

Country of ref document: DE

Free format text: PREVIOUS MAIN CLASS: G06F0001000000

Ipc: G06F0008650000

GRAR Information related to intention to grant a patent recorded

Free format text: ORIGINAL CODE: EPIDOSNIGR71

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: GRANT OF PATENT IS INTENDED

INTC Intention to grant announced (deleted)
RIC1 Information provided on ipc code assigned before grant

Ipc: G06F 21/64 20130101ALI20180222BHEP

Ipc: H04W 88/02 20090101ALI20180222BHEP

Ipc: H04L 29/06 20060101ALI20180222BHEP

Ipc: H04W 84/04 20090101ALI20180222BHEP

Ipc: H04W 12/12 20090101ALI20180222BHEP

Ipc: H04W 24/00 20090101ALI20180222BHEP

Ipc: G06F 8/65 20180101AFI20180222BHEP

INTG Intention to grant announced

Effective date: 20180305

GRAA (expected) grant

Free format text: ORIGINAL CODE: 0009210

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE PATENT HAS BEEN GRANTED

AK Designated contracting states

Kind code of ref document: B1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LI LU MC NL PL PT RO SE SI SK TR

REG Reference to a national code

Ref country code: GB

Ref legal event code: FG4D

REG Reference to a national code

Ref country code: CH

Ref legal event code: EP

Ref country code: AT

Ref legal event code: REF

Ref document number: 1009153

Country of ref document: AT

Kind code of ref document: T

Effective date: 20180615

REG Reference to a national code

Ref country code: DE

Ref legal event code: R096

Ref document number: 602004052819

Country of ref document: DE

REG Reference to a national code

Ref country code: IE

Ref legal event code: FG4D

REG Reference to a national code

Ref country code: NL

Ref legal event code: MP

Effective date: 20180613

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: FI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180613

Ref country code: CY

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180613

Ref country code: BG

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180913

Ref country code: SE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180613

Ref country code: ES

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180613

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: GR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180914

REG Reference to a national code

Ref country code: AT

Ref legal event code: MK05

Ref document number: 1009153

Country of ref document: AT

Kind code of ref document: T

Effective date: 20180613

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: NL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180613

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: PL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180613

Ref country code: AT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180613

Ref country code: EE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180613

Ref country code: RO

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180613

Ref country code: CZ

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180613

Ref country code: SK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180613

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180613

REG Reference to a national code

Ref country code: DE

Ref legal event code: R097

Ref document number: 602004052819

Country of ref document: DE

PLBE No opposition filed within time limit

Free format text: ORIGINAL CODE: 0009261

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT

26N No opposition filed

Effective date: 20190314

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: SI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180613

Ref country code: DK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180613

REG Reference to a national code

Ref country code: CH

Ref legal event code: PL

REG Reference to a national code

Ref country code: BE

Ref legal event code: MM

Effective date: 20190430

GBPC Gb: european patent ceased through non-payment of renewal fee

Effective date: 20190405

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: LU

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20190405

Ref country code: MC

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180613

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: CH

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20190430

Ref country code: LI

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20190430

Ref country code: GB

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20190405

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: BE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20190430

Ref country code: FR

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20190430

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: TR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180613

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20190405

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: PT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20181015

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: HU

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT; INVALID AB INITIO

Effective date: 20040405

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: DE

Payment date: 20220223

Year of fee payment: 19

REG Reference to a national code

Ref country code: DE

Ref legal event code: R119

Ref document number: 602004052819

Country of ref document: DE

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: DE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20231103